Method and apparatus for multiterminal support using bluetooth based audio gateway

ABSTRACT

Disclosed herein is a system for configuring and setting up a one to one communication correspondence between a headset and a mobile device. The authentication PIN allows communication of the headset with only those devices that are authenticated using the PIN. A first software application and a second software application are provided on the mobile device and a headset respectively. The process of configuring the PIN access information on the headset using the first and second application comprises the step of establishing a secure communication link by completing challenge response sequence between the headset and the device using the currently prevailing PIN, transmitting a configuration set PIN from the device to the headset, enforcing reauthentication using the newly configured PIN, and establishing and locking a communication between the device and the headset based on the new personal identification number.

BACKGROUND

This invention in general relates to wireless communications and specifically relates to a method and system for establishing a one to one secure communication correspondence between a mobile device and a Bluetooth headset.

Bluetooth™ is an industrial specification standard for wireless communications in a personal area network. Bluetooth standard enables communication between devices such as laptops, mobile phones, Bluetooth enabled headsets, digital cameras, etc., using short range radio frequency.

For reasons of security, authentication is required prior to connecting a Bluetooth enabled mobile device to a Bluetooth headset. A personal identification number (PIN) may be used for establishing a secure communication correspondence between the headset and the mobile device. For example, today the commercially available Bluetooth headsets are assigned fixed PINs during manufacture. The communicating mobile devices typically employ such fixed PINs to establish a secure communication with the headsets. Bluetooth security is based on the generation of security keys using a PIN code. In most Bluetooth devices, “0000” is a commonly assigned PIN by the manufacturer of the Bluetooth device.

If an attacker can discover a Bluetooth device, the attacker may be able to send unsolicited messages or abuse the Bluetooth service. An attacker may be able to find a way to access or corrupt the data. One example of this type of activity is “bluesnarfing”. Bluesnarfing refers to attackers using a Bluetooth connection to steal information from a Bluetooth device. Also, viruses and other malicious codes can take advantage of Bluetooth technology to infect other devices. If the Bluetooth device is infected, the data may be corrupted, compromised, stolen, or lost.

Many Bluetooth headset related security issues arise due to the well known fixed PIN associated with the Bluetooth headset. Ideally, the manufacturers of Bluetooth headsets would prefer to have different PINs assigned to different headsets during manufacturing. However, it is not efficient from a manufacturing and assembly perspective to provide a unique PIN to each device. Providing an additional human machine interface on the headsets to configure the PIN may also not be a cost effective solution.

Therefore, there is a need for a method and system that is capable of establishing a one to one secure communication correspondence between a mobile device and a Bluetooth headset that enables device specific PINs.

SUMMARY

The method and system disclosed herein addresses the above challenges of PIN based security in Bluetooth communication between a human-machine interface (HMI) capable Bluetooth device such as a mobile handset and a device without HMI such as a Bluetooth headset.

Disclosed herein is a method and system for configuring and setting up a one to one communication correspondence between a Bluetooth headset and a Bluetooth mobile device. A challenge-response sequence, using an authentication PIN, is initiated between the headset and the mobile device for authentication purposes. After a successful challenge-response sequence, the mobile device is allowed to communicate with the headset, thereby allowing a secure communication channel to exist between the mobile device and the headset.

Headsets may not be provided with a human-machine interface (HMI) capability required to change the PIN. The method and system disclosed herein allows a user to change the headset PIN using the Bluetooth connectivity between the headset and the mobile device, wherein a mobile device can be seen as an extended HMI of the headset. The invention allows a Bluetooth headset user to change the default PIN associated with the Bluetooth headset, thereby reducing the security risk associated with the usage of Bluetooth headsets.

The process of configuring the PIN associated with the headset comprises the step of transmitting a configuration set PIN from the mobile device to the headset. The configuration set PIN is transmitted via Bluetooth wireless communication.

When provided with a new headset, the user would first need to establish a secure connection with the mobile device. Once a connection is established, the user may be prompted either by the mobile device or the headset to reset the PIN code. The operation sequence can be the same as resetting an account password; such as first, asking for the old password, if matched, prompting for a new password and then reconfirming the password entry.

In another embodiment of the invention, other configuration parameters of the headset besides the PIN such as audio gain setting may also be securely configured or altered.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing summary, as well as the following detailed description of the embodiments, is better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, there is shown in the drawings exemplary constructions of the invention; however, the invention is not limited to the specific methods and instrumentalities disclosed.

FIG. 1 exemplarily illustrates the system for establishing an authentication PIN on the Bluetooth headset.

FIG. 2 exemplarily illustrates the method of establishing an authentication PIN on the Bluetooth headset.

FIG. 3 exemplarily illustrates the method of configuring parameters of the Bluetooth headset.

FIG. 4 exemplarily illustrates a message sequence chart for configuring the PIN and the audio settings of the Bluetooth headset.

DETAILED DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an exemplary system for establishing an authentication PIN on the Bluetooth headset 101. A Bluetooth headset 101 is in a wireless communication with a Bluetooth enabled mobile device 106. The mobile device 106 can use the Bluetooth connectivity to configure various parameters of the Bluetooth headset 101 by acting as an extended HMI of the Bluetooth headset 101. The mobile device 106 comprises a first application 107, which further comprises a first personal identification number configuration module. The antennae 108 a and 108 b are capable of receiving and transmitting short range radio frequency waves. A Bluetooth transceiver 105 b located on the mobile device 106 is configured to decode and encode the radio signals, received and transmitted. The first application 107 of the mobile device 106 performs the identification and authentication procedures concerning the mobile device 106. A communication module 111 establishes an authenticated communication channel, locks the communication channel for the entire duration of the connection, warns the user if the headset 101 moves out of the coverage range of the mobile device 106, and disconnects an existing connection after the lapse of the duration or as instructed by the user. A memory unit 109 associated with the mobile device 106 stores all relevant information associated with the mobile device 106. A display unit 110 and an input unit 112 of the mobile device 106 act as HMI of the mobile device 106. The display unit 110 may be one of a liquid crystal display (LCD), a touch screen, etc. The input unit 112 may be one of a keypad, voice recognition unit, touch screen, etc.

The Bluetooth headset 101 comprises a second application 102 that performs the identification and authentication procedures for the Bluetooth headset 101. The second application 102 provided on the headset 101 comprises a second personal identification number configuration module and a PIN identification module 103. The second application 102 further comprises a personal identification number storage means that stores permitted personal identification numbers. The personal identification number storage means contains a PIN memory unit 113 and a memory access means. The mobile device 106 comprises a memory unit 109 that can be accessed by the memory access means of the second application 102 on the headset 101.

The Bluetooth headset 101 further comprises a Bluetooth transceiver 105 a coupled to an antenna 108 a, functionally similar to the Bluetooth transceiver 105 b and antenna 108 b of the mobile device 106. The Bluetooth transceiver 105 a receives Bluetooth packets from a mobile device 106 in the vicinity of the headset 101. The PIN identification module 103 recognizes the currently prevailing PIN of the mobile device 106 requesting connectivity with the headset 101. The PIN identification module 103 further may use the currently prevailing PIN of the mobile device 106 during a challenge-response sequence to establish a secure connection.

The PIN memory unit 113 may further comprise a PIN database. A new configuration set PIN inputted by the user is transmitted from the mobile device 106 to the headset 101. After the new configuration set PIN is accepted by the headset 101, an authentication module 104 enforces reauthentication using the new configuration set PIN. After reauthentication, the new configuration set PIN is stored as one of the permitted PINs in the PIN database of the Bluetooth headset 101.

The PIN memory unit 113 of the Bluetooth headset 101 comprises the PIN access information such as a list of all the permitted PINs, user profiles, Bluetooth headset information, details of the users permitted to change the personal identification number, etc.

In one embodiment, the PIN access information resides locally in the PIN memory unit 113 of the Bluetooth headset 101. In another embodiment, the PIN access information may be stored in the mobile device's memory unit 109, thereby acting as an extended external memory of the Bluetooth headset 101.

FIG. 2 exemplarily illustrates a method of establishing an authentication PIN on the Bluetooth headset 101 for a secured Bluetooth communication between the Bluetooth headset 101 and the mobile device 106. A first application 107 provided 201 on the mobile device 106 and a second application 102 provided 202 on the Bluetooth headset 101 are used in the PIN identification and authentication procedures. The PIN access information is configured 203 on the headset 101. The PIN access information comprises a list of all the permitted PINs, the details of the currently prevailing PIN, such as the timestamp of PIN setting, change history of the currently prevailing PIN, etc. The step of configuring PIN access information 203 involves first establishing a secure Bluetooth link between the mobile device 106 and the headset 101 by completing a challenge response sequence using the currently prevailing PIN 203 a. Once a secure communication link is successfully established, and upon being triggered either by user action on the mobile device 106 or an autonomous request from the headset 101, a new configuration set PIN 203 b is transmitted, using the first personal identification number configuration module, from the mobile device 106 to the Bluetooth headset 101. The autonomous request from the headset 101 may be generated based on a pre-set timeout on how long the currently prevailing PIN has been in use. The new configuration set PIN from the mobile device 106 is stored as a permitted personal identification number in the PIN database of the PIN memory unit 113. After configuring the PIN access information, as a final step towards committing the newly configured PIN, a one to one communication correspondence between the Bluetooth headset 101 and the mobile device 106 is created using the new configuration set PIN.

The step of creating a one to one communication correspondence comprises automatically enforcing reauthentication using the new configuration set PIN 203 c. A communication between the mobile device 106 and the Bluetooth headset 101 is established and the communication is locked using the new configuration set PIN. If the attempt to establish communication using the new configuration set PIN is not successful, then the headset 101 will revert to the older PIN, or a default PIN.

FIG. 3 exemplarily illustrates the method of configuring parameters of the Bluetooth headset 101. An example of a configuration parameter is the audio volume settings in the headset 101. A first application 107 provided 301 on the mobile device 106 and a second application 102 provided 302 on the Bluetooth headset 101 are used for configuring parameters on the headset 101. The step of configuring parameters 303 on the headset 101 involves first establishing a secure Bluetooth link between the mobile device 106 and the headset 101 by completing a challenge response sequence using the currently prevailing PIN 303 a. A one to one communication correspondence is created between the mobile device 106 and the Bluetooth headset 101 after a successful challenge response sequence. The Bluetooth headset 101 then verifies if the transmitted request for altering a configuration parameter is authorized. The new value of the configuration parameter is transmitted 303 b to the headset 101. If the request for altering the configuration parameter is authorized, the change in the configuration parameter of the Bluetooth headset 101 is permitted and applied. After applying the change in the configuration parameter of the Bluetooth headset 101, the Bluetooth headset 101 may transmit a confirmation message to the mobile device 106, confirming the change in the configuration parameter. If a change in the configuration parameter to a value not supported by the Bluetooth headset 101 is requested, the Bluetooth headset 101 may transmit an error message to the mobile device 106.

FIG. 4 exemplarily illustrates a message sequence chart for configuring PIN and the audio settings of the Bluetooth headset 101. Specifically, FIG. 4 illustrates a message sequence chart that exemplifies a successful change of PIN and an unsuccessful change of audio volume settings of the headset 101. In FIG. 4, the left-most vertical line represents the mobile device 106 and the right-most vertical line represents the Bluetooth headset 101. Once an authenticated communication is established 401 between the mobile device 106 and the Bluetooth headset 101 through a challenge-response sequence, the authorized user is allowed to change any configuration parameter including the authentication PIN of the Bluetooth headset 101. For example, the user may initiate a request to change the currently prevailing PIN to 1234 402 from the mobile device 106 to the Bluetooth headset 101. In return the Bluetooth headset 101 first verifies whether the request is authorized and receives the request to change the PIN. The verification procedure may involve the step of prompting the user for the currently prevailing PIN or the default PIN provided by the manufacturer. The currently prevailing PIN may be replaced with the requested PIN and a confirmation message may be transmitted back 403 to the mobile device 106 after the headset 101 saves the new PIN. Then, the headset 101 using the authentication module 104 forces the reauthentication of the connection using the newly assigned PIN 404. If the reauthentication is successful 405, the headset 101 commits the new PIN as the default or prevailing PIN. The authorized user is allowed to change configuration settings of other parameters of the Bluetooth headset 101 to customize the Bluetooth headset 101 to the user's requirement. For example, the user may request to configure the audio volume of the Bluetooth headset 101. The request message is transmitted 406 from the mobile device 106 to the Bluetooth headset 101. After repeating the verification procedure, the Bluetooth headset 101 receives the request to change the audio volume settings. The Bluetooth headset 101 determines whether or not the audio volume parameter is supported. If the requested audio volume value is within the acceptable range of the headset 101, the change in the audio volume is accepted and a confirmation message is transmitted to the mobile device 106. If the value is outside the acceptable limit, the Bluetooth headset 101 may deny the request and transmit an error message 407 to the mobile device 106. After the completion of the procedure, both the Bluetooth headset 101 and the mobile device 106 mutually concur and complete the configuration 408.
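
The FIG. 4 sequence, together with the revert rule described for FIG. 2, as an added sketch that is not code from the patent. The HMAC-SHA256 response is a stand-in for the Bluetooth challenge-response computation, and the class and function names, the PIN length policy and the volume range are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

VOLUME_RANGE = range(0, 16)   # assumed acceptable volume steps for this sketch


def pin_response(pin: str, challenge: bytes) -> bytes:
    # Stand-in for the Bluetooth challenge-response computation (assumption):
    # HMAC-SHA256 keyed by the PIN over a fresh random challenge.
    return hmac.new(pin.encode(), challenge, hashlib.sha256).digest()


class Headset:
    """Headset-side state: prevailing PIN, pending PIN, authenticated flag."""

    def __init__(self, default_pin: str = "0000"):
        self.prevailing_pin = default_pin
        self.pending_pin = None        # new PIN awaiting reauthentication
        self.authenticated = False
        self.volume = 8
        self._challenge = None

    def issue_challenge(self) -> bytes:
        self.authenticated = False
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def check_response(self, resp: bytes) -> bool:
        if self._challenge is None:
            return False
        expected_pin = self.pending_pin or self.prevailing_pin
        ok = hmac.compare_digest(resp, pin_response(expected_pin, self._challenge))
        self._challenge = None                       # challenges are single use
        if self.pending_pin is not None:
            if ok:
                self.prevailing_pin = self.pending_pin   # commit (405)
            self.pending_pin = None                  # on failure: revert to old PIN
        self.authenticated = ok
        return ok

    def request_pin_change(self, new_pin: str) -> str:
        if not self.authenticated:
            return "ERROR: not authenticated"
        if not (new_pin.isdigit() and 4 <= len(new_pin) <= 16):  # assumed policy
            return "ERROR: unsupported PIN"
        self.pending_pin = new_pin
        self.authenticated = False                   # force reauthentication (404)
        return "CONFIRM"

    def request_volume(self, value: int) -> str:
        if not self.authenticated:
            return "ERROR: not authenticated"
        if value not in VOLUME_RANGE:
            return "ERROR: unsupported value"        # error message (407)
        self.volume = value
        return "CONFIRM"


def authenticate(headset: Headset, pin: str) -> bool:
    """Device side: answer the headset's challenge with the PIN the device holds."""
    return headset.check_response(pin_response(pin, headset.issue_challenge()))


def fig4_sequence() -> list:
    hs = Headset()
    log = []
    log.append(("401 auth with prevailing PIN", authenticate(hs, "0000")))
    log.append(("402/403 set PIN 1234", hs.request_pin_change("1234")))
    log.append(("volume before reauth", hs.request_volume(5)))
    log.append(("404/405 reauth with new PIN", authenticate(hs, "1234")))
    log.append(("406/407 volume 99", hs.request_volume(99)))
    log.append(("old PIN after commit", authenticate(hs, "0000")))
    return log


def failed_reauth_reverts() -> tuple:
    hs = Headset()
    authenticate(hs, "0000")
    hs.request_pin_change("1234")
    reauth = authenticate(hs, "9999")    # device fails to prove the new PIN
    return reauth, hs.prevailing_pin, authenticate(hs, "0000")


if __name__ == "__main__":
    for step, result in fig4_sequence():
        print(f"{step}: {result}")
    print("failed reauth:", failed_reauth_reverts())
```

Holding the new PIN as pending until reauthentication succeeds means a device that never proves knowledge of it leaves the headset on its prior PIN, and configuration requests are refused while that reauthentication is outstanding.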

In an embodiment of the invention, the authentication PIN used to access the Bluetooth headset 101 may be common to a plurality of mobile devices 106. In another embodiment the authentication PIN may be unique to a mobile device 106. An authorized user may set or change the currently prevailing PIN common to a plurality of mobile devices. In case of such authentication PIN changes, the details of the PIN change are notified to other authorized users who share the common authentication PIN for accessing the Bluetooth headset 101. A notification message regarding the PIN change may be transmitted when the Bluetooth headset 101 falls within the coverage range of the other authorized mobile devices sharing the common authentication PIN.

When the headset 101 enters the coverage range of an unauthorized device, and a challenge-response sequence with the headset 101 is unsuccessful, the unauthorized device prompts the user to enter the authentication personal identification number for authenticating access to the headset 101. Authorized users requesting subsequent access to the headset 101 may be automatically connected to the headset 101 through challenge response sequences.

In an embodiment of the invention, the headset 101 may be provisioned with multiple PINs for different devices and can be used to service a call using any of the associated mobile devices. Providing multiple PINs on a headset 101 may be useful when a user wants to share the single headset 101 for multiple audio gateways such as a mobile phone, a car phone or a desktop phone.

In yet another embodiment of the invention, the headset device 101 may be provisioned with multiple PINs for a single mobile device 106. Allocation of multiple PINs for a single mobile device 106 may be useful when multiple users of the single mobile device 106 need independent secure connections to a common headset 101. PINs of independent users of the mobile device 106 may be associated with the respective users' profiles. When a particular user attempts to access the headset 101 with the current user's profile, the headset 101 automatically uses the PIN associated with the current user's profile to establish the connection. The profiles of the users may be present either in the headset's memory or in the memory unit 109 of the mobile device 106. The user's profile in the memory unit 109 of the mobile device 106 may be accessed through the memory access means of the headset 101, where the memory unit 109 behaves as an extended external memory of the Bluetooth headset 101.

In one embodiment of the invention, an inactivity timer may be used to dissociate the headset 101 from a mobile device 106 that is inactive for a long period. The sleep time of a mobile device 106 may be configured in the inactivity timer. The headset 101 may automatically disconnect the paired communication channel with the mobile device 106 that is inactive for a period longer than the configured sleep time. The sleep time may be preconfigured or configured during registration of the mobile device 106 with the headset 101.

The method and system of the present invention has been described in the context of Bluetooth wireless communication medium, although any wireless communication medium such as microwave, infrared (IR), etc., may be employed for implementing the present invention.

The present invention is configured to work in a Bluetooth based communication network environment, however it can be appreciated by those skilled in the art that it can also be applied to work between any two devices that require PIN based authentication for setting up a secure channel and communicate via wireless or wired means.

It will be readily apparent that the various methods and algorithms described herein may be implemented in a computer readable medium, e.g., appropriately programmed for general purpose computers and computing devices. Typically a processor, for e.g., one or more microprocessors will receive instructions from a memory or like device, and execute those instructions, thereby performing one or more processes defined by those instructions. Further, programs that implement such methods and algorithms may be stored and transmitted using a variety of media, for e.g., computer readable media in a number of manners. In one embodiment, hard-wired circuitry or custom hardware may be used in place of, or in combination with, software instructions for implementation of the processes of various embodiments. Thus, embodiments are not limited to any specific combination of hardware and software. A “processor” means any one or more microprocessors, Central Processing Unit (CPU) devices, computing devices, microcontrollers, digital signal processors, or like devices. The term “computer-readable medium” refers to any medium that participates in providing data, for example instructions that may be read by a computer, a processor or a like device. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media include, for example, optical or magnetic disks and other persistent memory. Volatile media include Dynamic Random Access Memory (DRAM), which typically constitutes the main memory. Transmission media include coaxial cables, copper wire and fiber optics, including the wires that comprise a system bus coupled to the processor. Transmission media may include or convey acoustic waves, light waves and electromagnetic emissions, such as those generated during Radio Frequency (RF) and Infrared (IR) data communications. Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other magnetic medium, a Compact Disc-Read Only Memory (CD-ROM), Digital Versatile Disc (DVD), any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, a Random Access Memory (RAM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read Only Memory (EPROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a flash memory, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read. In general, the computer-readable programs may be implemented in any programming language. Some examples of languages that can be used include C, C++, C#, or JAVA. The software programs may be stored on or in one or more mediums as an object code. A computer program product comprising computer executable instructions embodied in a computer-readable medium comprises computer parsable codes for the implementation of the processes of various embodiments.

Where databases are described, such as the PIN database, it will be understood by one of ordinary skill in the art that (i) alternative database structures to those described may be readily employed, and (ii) other memory structures besides databases may be readily employed. Any illustrations or descriptions of any sample databases presented herein are illustrative arrangements for stored representations of information. Any number of other arrangements may be employed besides those suggested by, e.g., tables illustrated in drawings or elsewhere. Similarly, any illustrated entries of the databases represent exemplary information only; one of ordinary skill in the art will understand that the number and content of the entries can be different from those described herein. Further, despite any depiction of the databases as tables, other formats including relational databases, object-based models and/or distributed databases could be used to store and manipulate the data types described herein. Likewise, object methods or behaviors of a database can be used to implement various processes, such as the described herein. In addition, the databases may, in a known manner, be stored locally or remotely from a device that accesses data in such a database.

The foregoing examples have been provided merely for the purpose of explanation and are in no way to be construed as limiting of the present method and system disclosed herein. While the invention has been described with reference to various embodiments, it is understood that the words, which have been used herein, are words of description and illustration, rather than words of limitations. Further, although the invention has been described herein with reference to particular means, materials and embodiments, the invention is not intended to be limited to the particulars disclosed herein; rather, the invention extends to all functionally equivalent structures, methods and uses, such as are within the scope of the appended claims. Those skilled in the art, having the benefit of the teachings of this specification, may effect numerous modifications thereto and changes may be made without departing from the scope and spirit of the invention in its aspects.

1. A method of configuring an authentication personal identification number on a headset, wherein said authentication personal identification number allows communication of the headset with only those devices that are authenticated using said authentication personal identification number, the method comprising the steps of: providing a first application on a device; providing a second application on the headset; configuring the personal identification number access information on said headset using said first application and second application, further comprising the steps of: establishing a secure communication link by completing challenge response interactions between the headset and the device, using a currently prevailing personal identification number; transmitting a new configuration set personal identification number from said device to said headset, wherein said transmission is performed via a secure Bluetooth wireless communication channel; and automatically enforcing reauthentication using said new configuration set personal identification number.

2. The method of claim 1, further comprising the step of establishing and locking a communication between the device and the headset, wherein said communication is established using the new configuration set personal identification number.

3. The method of claim 1, wherein said personal identification number access information can be configured multiple times.

4. The method of claim 1, wherein when said headset enters the coverage range of an unauthorized device, and a challenge response sequence with the headset is unsuccessful, the unauthorized device prompts a user of the unauthorized device to enter the authentication personal identification number for authenticating access to the headset.

5. The method of claim 1, wherein when said headset enters the coverage range of an authorized device, said authorized device is automatically authenticated to access the headset.

6. The method of claim 1, wherein more than one personal identification number is associated with the headset.

7. The method of claim 1, wherein said authentication personal identification number may be specific to a device, whereby said device uses said specific authentication personal identification number to gain access to the headset.

8. A method of altering a plurality of configuration parameters of a headset using a human machine interface of a device, the method comprising the steps of: providing a first application on the device; providing a second application on the headset; configuring the parameters of said headset using said first application and second application, further comprising the steps of: establishing a secure communication link by completing a challenge response sequence between the headset and the device, using a currently prevailing personal identification number; and transmitting new values of said configuration parameters from said device to said headset, wherein said transmission is performed via a secure Bluetooth wireless communication channel.

9. A system for configuring an authentication personal identification number on a headset and establishing a one to one communication correspondence between said headset and a device operated by a user, comprising: a first application provided on said device, said first application further comprises a first personal identification number configuration module; a second application provided on the headset, said second application further comprising: a second personal identification number configuration module and a personal identification number identification module; and a personal identification number storage means that stores permitted personal identification numbers; a first Bluetooth transceiver located within the device and a second Bluetooth transceiver located within the headset that transfer Bluetooth packets between the headset and the device.

10. The system of claim 9, wherein said personal identification number storage means contains a memory unit and memory access means.

11. The system of claim 9, wherein said personal identification number storage means contains a memory access means, and wherein the device further comprises a memory unit that is accessed by said memory access means.

12. The system of claim 9, wherein in an attempt to establish a communication correspondence between the device and the headset, the user is required to input the unique personal identification number when prompted, wherein after authentication using the personal identification number, a communication correspondence is permitted between the device and the headset.

13. The system of claim 10, wherein the memory unit of the second application stores user profiles, headset information, personal identification number access information, currently prevailing personal identification number, the time at which the personal identification number was set, and details of the users permitted to change the personal identification number, and a list of all the permitted personal identification numbers.

14. The system of claim 9, further comprising a communication module that establishes authenticated communication, locks said authenticated communication for the entire duration of the connection, warns the user if the headset moves out of the coverage range, and disconnects existing connection after said duration.

15. A computer program product comprising computer executable instructions embodied in a computer-readable medium, said computer program product comprising: a first computer parsable program code on a headset for conducting personal identification number identification and authentication procedures; a second computer parsable program code on a device for conducting personal identification number identification and authentication procedures; a third computer parsable program code for configuring the personal identification number access information on said headset, further comprising: a fourth computer parsable program code for establishing a secure communication link by completing challenge response interactions between the headset and the device, using the currently prevailing personal identification number; a fifth computer parsable program code for transmitting a new configuration set personal identification number from said device to said headset, wherein said transmission is performed via a secure Bluetooth wireless communication channel; and a sixth computer parsable program code for automatically enforcing reauthentication using said new configuration set personal identification number.

16. The computer program product of claim 15, further comprising a seventh computer parsable program code for establishing and locking a communication between the device and the headset, wherein said communication is established using the new configuration set personal identification number.